The assignment is an individual project in which you will apply the concepts learned during the labs to develop a secure Android application.

Your task is to develop an app with any topic/purpose of your choice, which has the following components and functionalities:

• At least 2 activities - 1p
• At least 1 broadcast receiver - 1p
• Asynchronous work performed on threads other than the main one, or periodically scheduled work 1.5p
• Notifications - 0.5p
• Integration with at least 1 API, for example: 3p
  • https://api.tfl.gov.uk/ - data for air quality, pollution, transportation etc
  • https://earthquake.usgs.gov/fdsnws/event/1/ - data for earthquakes
  • https://openweathermap.org/api - weather
  • Food APIs list
• 1 Settings Activity (can be included in the minimum of 2 activities required for the project) and the use of Shared Preferences 1p (settings activity 0.5p and shared preferences 0.5p)
• Respect the security guidelines presented throughout the lectures and labs 2p

The application must be implemented using native Android code, in Kotlin or in Java. If implemented in a framework such as Flutter, all the security requirements must be implemented and the student must show an understanding of their role, in order for the project to be considered for grading.

In the cases where the topic chosen for the app doesn't fit very well into the requirements (e.g. it doesn't need a notification from a usability point of view), then the student should discuss this with the Teaching Assistant to receive advice on how to replace that requirement with something else.

• You can use this web APK scanner to check how secure your app is
• Do not export components (services, broadcast receivers, apps) unless it's really necessary
• Use a local broadcast manager if applicable
• Declare only the necessary permissions
• Check/request permissions in the activity/other component
• Always use https and, if necessary, validate the digital certificate if a custom one is used
• Always use internal storage
• Sensitive information to be encrypted (authentication tokens, passwords) using EncryptedFile or EncryptedSharedPreferences. For more information you can check here
• Encrypt the data for sensitive communication (e.g. over Bluetooth)

The code must be submitted on each student's private Github repository used for the SMD activities and created via Github classroom.

The projects will be checked for plagiarism.

1. Choose a topic for your app: until April 20th 2023
   • discuss your idea with your teaching assistant (at the lab, on MS Teams or by email)
2. Intermediary project presentation: April 27th 2023
   • Presentation will be a discussion with the Teaching Assistant, during the lab, about the progress you made on your project
   • There will be slots in which you can present
   • Each presentation will take at most 10 minutes
3. Project presentations: May 25th 2023
   • The assignment will be presented during the lab

Bonus points can be obtained for including:

• Input sanitization for database storage (to prevent SQLite injection)
• Special UI design
• MVVM, livedata
• Kotlin corutines or rxJava/rxKotlin
• Unit testing
• Code readability, modularization, clean code
• Integration with an API which belongs to a custom server written by you

The amount of bonus points will be decided by the teaching assistant when evaluating the project.

In order to receive bonus points, the project must be functional, respect the security guidelines and the required components.

1. 3 points out of the total 10 for the whole semester (exam, labs etc) for a complete assignment
2. Penalties:
   • 0.3 points - for not submitting the project topic in time
   • 0.5 points - for not presenting the intermediary project presentation
   • No points will be given if the project is not functional and doesn't respect the assignment requirements